Encryption Everywhere Program powered by DigiCert is a turn-key partnership program that enables you to bring security solutions to small business owners, some of whom-right now-have nothing in place, and have no idea of how dangerous that is.

PartnerLink is a comprehensive online tool, exclusively for Symantec Website Security partners. Now, existing partners have one location to access everything they need to sell, manage and support their Symantec Website Security solutions.

SECURITY TOPICS

Code Signing 101

Code signing does two things: it confirms who the author of the software is and proves that the code has not been altered or tampered with after it was signed. Both are extremely important for building trust from customers and safely distributing your software.

556 million adults worldwide experienced some form of cybercrime in 2012, according to the Symantec Internet Threat Security Report. When you consider that the average loss per cybercrime incident is $197, it’s no wonder people are extremely careful when it comes to downloading executable files from the internet.

That said, it’s worth doing whatever it takes to gain their trust: online distribution means you can distribute software updates faster, you broaden your potential customer base and you can considerably cut costs since there is no postage or discs and packaging to manufacture. Providing verifiable proof that as the author of the code, you are who you say you are and that your code is in no way corrupted or malicious is therefore a no-brainer. In fact, many third party publishers and mobile network providers now insist upon code signing to protect their users.

Introduction to Code Signing

Introduction to Code Signing

So, How Does Code Signing Work?

The process for code signing is similar to that used for SSL/TLS certificates, where a pair of cryptographic keys is used, one public and one private, to identify and authenticate both you and your code. The best and safest way to obtain a private key is by applying for a certificate from a trusted certificate authority (CA), such as Symantec, who will take you through an authentication process. Once you have your certificate, you can then generate your private key. Your choice of CA is important as it can affect how far you are able to distribute your software. Symantec, for example, provides certificates for a wide range of desktop and mobile platforms, including Windows Phone and Android.

You then sign your executable file or library of software using this private key, which can only be unlocked by public keys that are traceable to the CA, and which are preinstalled on most browsers. If the code has been tampered with after signing, the public key will not be able to verify the authenticity of your private key signature and the browser will flash up a warning to anyone trying to download it. If the code has remained intact then your file will be delivered and downloaded seamlessly. It’s as simple as that.

Symantec helps you deliver your apps and code to more customers on more platforms than any other provider. More developers and publishers rely on Symantec, the most recognized and trusted Certificate Authority (CA) worldwide, than any other CA.